Mount Synology NFSv4 export with id mapping
Disclaimer: ID mapping without a Kerberos server only works halfway with NFSv4, it seems. I managed to get the correct usernames to show up on my client when listing files, but creating new files always creates them as user nobody because the Synology doesn't map anything in that case. This bug report and the linked thread suggest this is normal behaviour of idmapd when not using Kerberos for some reason. (EDIT: More detailed explanation.)
However, what I did:
First, you have to enable idmapping after loading the NFS service. For that, you have to edit the file /usr/syno/etc/rc.sysv/S83nfsd.sh on the Synology. Find the line
SYNOLoadModules $KERNELMODULE
and add the following line after that:
echo "N" > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Then, still on the Synology, edit the /etc/idmap.conf and set the Domain to your ITET-PHO if not already set. Disable NFS, apply and re-enable (+apply) it afterwards in the Synology's control centre to reload nfsd.
On your client machine, create a file /etc/modprobe.d/nfs-idmap.conf with the following contents:
options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0
Reload the nfs kernel module afterwards to apply the options.
Also make sure idmapd is running on your client. (On Ubuntu artful, I had to run sudo systemctl start nfs-idmapd manually, I think.) And, of course, use nfsvers=4 as a mount option.
(On the Synology, you can killall idmapd and run it in foreground using idmapd -f -vvv to see if it's doing anything.)
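A way to verify the two settings this answer changes, as an added example that is not part of the original answer: it reads the nfs4_disable_idmapping value and the Domain from the [General] section and reports whether both are as expected. The function names and the sample files are constructed here; on a real machine pass the idmapd configuration file and /sys/module/nfs/parameters/nfs4_disable_idmapping (client) or /sys/module/nfsd/parameters/nfs4_disable_idmapping (server) instead.

```shell
#!/bin/sh
# Added example: paths are arguments, so the checks also run on copies of the files.

# Print the Domain value from the [General] section of an idmapd.conf-style file.
idmap_domain() {
    awk '
        /^[ \t]*\[/ { in_general = (tolower($0) ~ /^[ \t]*\[general\]/); next }
        in_general && /^[ \t]*[Dd]omain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Translate the kernel parameter: Y means mapping is disabled, N means enabled.
idmapping_state() {
    case "$(cat "$1" 2>/dev/null)" in
        N) echo enabled ;;
        Y) echo disabled ;;
        *) echo unknown ;;
    esac
}

# check_idmap CONF PARAM EXPECTED_DOMAIN
# Returns 0 only if mapping is enabled and the configured domain matches.
check_idmap() {
    state=$(idmapping_state "$2")
    domain=$(idmap_domain "$1")
    [ "$state" = enabled ] || { echo "FAIL: idmapping $state ($2)"; return 1; }
    [ "$domain" = "$3" ] || { echo "FAIL: Domain is '$domain', expected '$3'"; return 1; }
    echo "OK: idmapping enabled, Domain = $domain"
}

# Constructed sample files standing in for the real config and sysfs parameter.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '[General]' 'Verbosity = 2' '# comment' 'Domain = ITET-PHO' \
    '[Mapping]' 'Nobody-User = nobody' > "$demo_dir/idmapd.conf"
echo Y > "$demo_dir/param_default"   # value before the echo "N" line has run
echo N > "$demo_dir/param_fixed"     # value after it

check_idmap "$demo_dir/idmapd.conf" "$demo_dir/param_default" ITET-PHO || true
check_idmap "$demo_dir/idmapd.conf" "$demo_dir/param_fixed" ITET-PHO
```

Running the check on both the client and the Synology after a reboot shows whether the parameter change persisted and whether both sides use the same domain.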
erik
Updated on September 18, 2022
Comments
-
erik almost 2 years
I have a Synology DiskStation (DSM 6.0.2) that exports shared directories via NFSv4. I specified a NFSv4 domain ITET-PHO. On another Linux machine (Debian Wheezy), I want to mount this export using idmapping. There I have the following configuration of /etc/idmapd.conf:
[General]
Verbosity = 2
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = ITET-PHO
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
[Translation]
Method = static
[Static]
erikhe@ITET-PHO = erik
So I attempt to statically map the user erikhe on the Synology, which is in the domain ITET-PHO, to the local user erik. All other users should be mapped to nobody. However, when I mount the shared directory, I just see the UID numbers from the Synology:
drwxr-xr-x 4 1566874442 1566573057 4096 Okt 5 10:21 erikhe-301898
Also all the other UIDs are shown instead of nobody. In the log file I see that idmap is doing something. This is when doing service nfs-common restart:
Oct 5 15:11:07 sisyphous systemd[1]: Stopping LSB: NFS support files common to client and server...
Oct 5 15:11:07 sisyphous nfs-common[6520]: Stopping NFS common utilities: idmapd statd.
Oct 5 15:11:07 sisyphous systemd[1]: Stopped LSB: NFS support files common to client and server.
Oct 5 15:11:07 sisyphous systemd[1]: Starting LSB: NFS support files common to client and server...
Oct 5 15:11:07 sisyphous rpc.statd[6539]: Version 1.2.8 starting
Oct 5 15:11:07 sisyphous sm-notify[6540]: Version 1.2.8 starting
Oct 5 15:11:07 sisyphous sm-notify[6540]: Already notifying clients; Exiting!
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: using domain: ITET-PHO
Oct 5 15:11:07 sisyphous nfs-common[6530]: Starting NFS common utilities: statd idmapdrpc.idmapd: libnfsidmap: using domain: ITET-PHO
Oct 5 15:11:07 sisyphous nfs-common[6530]: rpc.idmapd: libnfsidmap: Realms list: 'ITET-PHO'
Oct 5 15:11:07 sisyphous nfs-common[6530]: rpc.idmapd: libnfsidmap: processing 'Method' list
Oct 5 15:11:07 sisyphous nfs-common[6530]: rpc.idmapd: libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: Realms list: 'ITET-PHO'
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: processing 'Method' list
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Expiration time is 600 seconds.
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Opened /proc/net/rpc/nfs4.nametoid/channel
Oct 5 15:11:07 sisyphous nfs-common[6530]: .
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Opened /proc/net/rpc/nfs4.idtoname/channel
Oct 5 15:11:07 sisyphous systemd[1]: Started LSB: NFS support files common to client and server.
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: New client: fa
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: New client: fb
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Opened /run/rpc_pipefs/nfs/clntfb/idmap
And when I mount the export with
mount.nfs4 cerberous:/volume1/homes /mnt/test
I get:
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: New client: fc
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: New client: fd
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: New client: fe
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: Stale client: fe
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: #011-> closed /run/rpc_pipefs/nfs/clntfe/idmap
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: Stale client: fd
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: #011-> closed /run/rpc_pipefs/nfs/clntfd/idmap
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: Stale client: fc
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: #011-> closed /run/rpc_pipefs/nfs/clntfc/idmap
How can I make the id mapping (at least static) work on Debian? ID mapping should work with Synology in general. Eventually I would like to automatically map the Synology users to LDAP users on the Linux machine.
-
Jurian Sluiman over 7 years
Got a solution? I am stuck on the same problem, my static id map doesn't seem to work either.
-
erik over 7 years
No, unfortunately not. It turned out that ID mapping for Synology just doesn't work. Instead I changed to mounting Samba mounts automatically on login of specific users using PAM mount. For system related folders (e.g. backup) I still use NFSv3 mounts that are accessible by root (or another system user) only.
-
atripes almost 7 years
Synology is not doing a satisfying job imo. If I want to play around with that stuff, I set up my own server. Getting things like network drives mapped correctly proved to be really tough on Win, OSX and now Linux. While I get that it's not that easy in general, I was hoping that Synology takes some of that work off me for the money they charge for their rather weak machines. Sorry for the rant :/
-
-
Mike Lippert over 5 years
Thanks for this. I got it half working w/ your instructions, read the explanations and gave up on using NFS in any real way on Synology. I'm sorta sorry I didn't get another Netgear where I could have set the UIDs. I'm just squashing all users because trying to set up Kerberos for home looks nuts. W/o this I might have kept searching for a way to make it work.
-
mbirth over 5 years
I think you can login as root and edit the uids in /etc/passwd (but probably have to correct file owners accordingly) to match those from your clients. AFAIK, this is the only proper way to get NFS on the Synology working without Kerberos. But I was too lazy to actually try that out.
-
Mike Lippert over 5 years
Unfortunately that doesn't work, Synology has its own user db you can't access. I tried changing the entries in passwd, that would have been a fine solution.
-
John Ruiz over 4 years
I tried this today and the value of /sys/module/nfsd/parameters/nfs4_disable_idmapping remains Y after a reboot of the Synology. Is there a better place to run that echo command?
-
John Ruiz over 4 years
I am going to try this solution now: idefix.net/~koos/newsitem.cgi/1510339255